[PC-BSD Testing] PC-BSD Beta: pefs doesn't not work out of the box

Martin Laabs mailinglists at martinlaabs.de
Sun Aug 18 23:29:14 PDT 2013


currently I use the 2nd beta version of the stable release. During
install and also in the user manager enabling of the pefs encryption of
the home directory is possible.
This encryption setup is not implemented correctly since it does not use
a keychain. Without the use of the keychain the pam module does not
unlock/decrypt the pefs mount. (Possible because is can not check the
supplied passphrase for correctness)

The solution for this bug is to recreate the home directory with a
keychain as described in the man page of pefs:

% umount -f /home/<loginname>
% rm -rf /home/<loginname>
% mkdir /home/<loginname>
% pefs addchain -fZ /home/<loginname>
  Enter parent key passphrase:
  Reenter parent key passphrase:
% pefs mount /home/<loginname>

After this procedure mounting the pefs with the pam modules works as

Best regards,
 Martin Laabs

More information about the Testing mailing list